Alerts This Week
Warning Icon 1 674
Alerts This Week
Warning Icon 1 674

Mageia 9: 2025-0201 critical: Firefox multiple security issues

mageia
Calendar Grey July 2, 2025
Dist Mageia Esm H88
The latest Mageia 9 updates for Firefox address significant vulnerabilities, including critical patches for various security flaws such as cross-origin scripting.
CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash

Summary

CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. CVE-2025-6429: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. CVE-2025-6430: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerable to a cross-site scripting attack. We can't yet ship this update to the armv7hl architecture; we are investigating the issue and will try to update firefox for armv7hl as soon as possible.

References

- https://bugs.mageia.org/show_bug.cgi?id=34393

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_113.html

- https://www.firefox.com/en-US/firefox/128.12.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/

- https://www.cve.org/CVERecord?id=CVE-2025-6424

- https://www.cve.org/CVERecord?id=CVE-2025-6425

- https://www.cve.org/CVERecord?id=CVE-2025-6429

- https://www.cve.org/CVERecord?id=CVE-2025-6430

Topics%20covered

Topics Covered

security advisory critical cross-site scripting browser exploit website security mageia

Resolution

SRPMS

- 9/core/firefox-128.12.0-1.1.mga9

- 9/core/firefox-l10n-128.12.0-1.1.mga9

- 9/core/rootcerts-20250613.00-1.mga9

- 9/core/nss-3.113.0-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 02 Jul 2025
URL: https://advisories.mageia.org/MGASA-2025-0201.html
Type: security
CVE: CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430

Topics%20covered

Topics Covered

security advisory critical cross-site scripting browser exploit website security mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here